ssh


Various problems with legacy SSH systems

Case 1

Unable to negotiate with 192.168.1.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

We solved this problem by adding the legacy key exchange method to the client's list (the + prefix appends to the defaults instead of replacing them):

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 [email protected];

Case 2

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 [email protected];
Unable to negotiate with 192.168.1.1 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss

We solved this problem by also allowing the ssh-dss host key type with the following command:

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss [email protected];
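Added example, not part of the original post: the same options can live in a per-host ~/.ssh/config stanza, so the legacy algorithms from Cases 1 and 2 stay disabled for every other server. The script below embeds a constructed sample config (the alias legacy-switch and the function names are placeholders chosen for this example) and reports which Host scope enables each legacy algorithm.

```shell
#!/bin/sh
# Constructed sample config: "legacy-switch" is a placeholder alias for the
# old device at 192.168.1.1; the "Host *" stanza is the mistake to catch.
sample_config() {
cat <<'EOF'
Host legacy-switch
    HostName 192.168.1.1
    KexAlgorithms +diffie-hellman-group1-sha1
    HostKeyAlgorithms +ssh-dss

Host *
    HostKeyAlgorithms=+ssh-rsa
EOF
}

# Print "SCOPE<TAB>OPTION<TAB>ALGORITHM" for each legacy algorithm a config
# enables. Options before the first Host line apply to every host.
audit_legacy() {
    awk '
    BEGIN { scope = "(global)"
            weak["diffie-hellman-group1-sha1"]; weak["ssh-dss"]; weak["ssh-rsa"] }
    { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
    /^#/ || /^$/ { next }
    {
        # ssh_config accepts both "Key value" and "Key=value".
        key = $0; sub(/[ \t=].*/, "", key)
        val = $0; sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val)
        lkey = tolower(key)
        if (lkey == "host")  { scope = val; next }
        if (lkey == "match") { scope = "Match " val; next }
        if (lkey !~ /^(kexalgorithms|hostkeyalgorithms|pubkeyaccepted(keytypes|algorithms))$/) next
        if (val ~ /^-/) next        # "-" removes algorithms, enables nothing
        sub(/^[+^]/, "", val)       # "+" appends to defaults, "^" prepends
        n = split(val, algs, ",")
        for (i = 1; i <= n; i++)
            if (algs[i] in weak) printf "%s\t%s\t%s\n", scope, key, algs[i]
    }' "$@"
}

# Findings that reach every host: the ones to move into a per-host stanza.
audit_wide() {
    audit_legacy "$@" | awk -F '\t' '$1 == "*" || $1 == "(global)"'
}

sample_config | audit_legacy
```

Both functions read a file given as an argument or standard input, so audit_wide ~/.ssh/config checks a real client configuration.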

How to Create a Custom Local DNS Entry on a Ubiquiti Dream Machine Pro

DNS (Domain Name System) is an essential part of the internet infrastructure that translates domain names into IP addresses. However, you can also use DNS for internal networks to assign custom hostnames to specific IP addresses. In this post, we will discuss how to create a custom local DNS entry on a Ubiquiti Dream Machine Pro.

The first step is to assign a static IP address to the machine you want to create a custom DNS entry for. To do this, log in to the Dream Machine Pro’s web interface and navigate to https://10.1.1.254/network/default/clients. Find the machine you want to assign a static IP address to and click the “Static” button. Enter the IP address you want to assign and click “Save”.

Next, you need to assign a specific hostname to the machine. However, you might run into an error message that says “An error occurred while changing your settings”. This error occurs when you use a specific domain name like “bytefreaks.lcl”. To work around this issue, you can use a different TLD like “.net” instead.

If you still want to use the “.lcl” TLD, you will need to SSH into the Dream Machine Pro to modify the configuration files. Use the following SSH command to log in as root:

ssh -p 22 -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa [email protected];

If the default SSH command produces an error, you can use the above custom SSH command to log in successfully.

Once you have logged in via SSH, you will need to modify the following files:

  • /run/dnsmasq.conf.d/dns.conf
  • /mnt/data/udapi-config/ubios-udapi-server/ubios-udapi-server.state

The /run/dnsmasq.conf.d/dns.conf and /mnt/data/udapi-config/ubios-udapi-server/ubios-udapi-server.state files contain information about the local DNS entries. Use the “vi” editor to modify the /run/dnsmasq.conf.d/dns.conf file and replace the “.net” TLD with the “.lcl” TLD.

After you have made the necessary changes, exit the editor and kill the dnsmasq process using the following command:

pkill dnsmasq;

This command will stop the dnsmasq process, which is responsible for the DNS resolution. Then, execute dnsmasq again to ensure that it is running properly.

Now, you should be able to view your machine using the custom “.lcl” TLD from a browser. By creating a custom local DNS entry, you can simplify your local network administration and access your devices more easily.


Create an SSH tunnel for HTTP web server proxy

Once upon a time, in a kingdom of computers and networks, there lived a brave knight named “ssh”. He was known throughout the land for his bravery and cunning abilities to securely transport data between two distant lands.

One day, a young prince came to the knight with a request. The prince had a precious website that was housed in a remote castle, accessible only by a specific host known as “remotehost”. He wanted his people to be able to visit the website, but the path was treacherous and insecure.

The prince asked the knight if he could help him. The knight thought for a moment and then said, “Fear not, young prince! I can help you. I shall use my magical command ‘ssh -L 80:remotehost:80 user@myserver’ to create a secure pathway for your people to visit the website.”

The prince was overjoyed and asked the knight to explain how it worked.

“The ‘-L’ flag stands for Local Forwarding. It creates a tunnel between the local computer and the remote server, which we shall call ‘myserver’. This tunnel shall forward all requests from the local port 80 to the remote host ‘remotehost’ on port 80,” explained the knight.

“And ‘user@myserver’?”, asked the prince.

“Ah, yes. That is the credentials of the user that we shall use to log in to the remote server ‘myserver’. This shall ensure that the communication between your local computer and the remote host is secure and protected,” the knight replied with a nod.

The prince was grateful and thanked the knight for his help. The knight then used his magical command and created a secure pathway for the prince’s people to visit the website, which they did happily ever after.

And that, dear reader, is the story of the command “ssh -L 80:remotehost:80 user@myserver”.

ssh -L 80:remotehost:80 user@myserver;

The command ssh -L 80:remotehost:80 user@myserver is an example of using the ssh utility to create a secure shell connection to a remote server. The command also establishes a local port forward, which forwards all incoming traffic on the local port 80 to the remote host remotehost on port 80.

ssh (Secure Shell) is a protocol for securely accessing a remote computer. The basic usage of ssh is to log in to a remote server using a username and password or an SSH key. The ssh command allows you to securely log in to a remote server, execute commands on the remote server, and transfer files between your local computer and the remote server.

In this particular command, the -L flag is used to specify a local port forward. A local port forward is a way of forwarding traffic from a local port to a remote host and port. In this case, the traffic is being forwarded from the local port 80 to the remote host remotehost on port 80.

The user@myserver part of the command identifies the account and server that ssh logs in to. The user is the username and myserver is the hostname or IP address of the remote server. The combination of the username and remote server information allows ssh to securely log in to the remote server.

Once the secure shell connection has been established and the local port forward has been created, any traffic sent to the local port 80 will be forwarded to the remote host remotehost on port 80. This allows the local computer to access services on the remote host as if they were running on the local computer.

In summary, the ssh -L 80:remotehost:80 user@myserver command is an example of using the ssh utility to create a secure shell connection to a remote server and establish a local port forward. The local port forward allows the local computer to access services on the remote host as if they were running on the local computer.

ssh -L 80:remotehost:80 user@myserver;

Once the connection has been established using the command ssh -L 80:remotehost:80 user@myserver, you can access the website hosted on the remote host remotehost by browsing to http://localhost in your web browser.

Since the local port 80 has been forwarded to the remote host remotehost on port 80, all traffic sent to http://localhost will be forwarded to the remote host. This allows you to access the website hosted on the remote host as if it were running on your local computer.

Keep in mind that the secure shell connection created using the ssh command must be active and running in order to access the website hosted on the remote host. If the connection is closed or terminated, the website will no longer be accessible through the local port forward.


An easy way to SSH into a GNOME Boxes OS

Recently, we set up an Ubuntu Server in a GNOME Boxes virtual machine. We wanted to perform an ssh connection into it to make administration easier. In the properties of the VM that are visible from the GUI, there was no option to edit the network cards and set up a virtual network between the host and the virtual machine.

To allow ourselves to perform the ssh connection, we decided to go with the option of reverse ssh tunneling. To do so, we needed to install and start the ssh server.

After that, we got the IP of the host machine.

Then, we used the terminal of the virtual machine to execute the following ssh command:

ssh -N -T -R 22222:localhost:22 host_machine_user@host_machine_ip;

That created a connection to the host machine and blocked the terminal as expected since it was an active application.

Finally, from the host, we executed the following to ssh into the virtual machine:

ssh -p 22222 virtual_machine_user@localhost;

The biggest disadvantage of this method is that you need to enable ssh on your host machine.

The biggest advantage is the ease with which anyone can set it up.

Notes on the ssh parameters:

-N Do not execute a remote command. This is useful for just forwarding ports.

-T Disable pseudo-terminal allocation.

-R remote_socket:host:hostport Specifies that connections to the given TCP port or Unix socket on the remote (server) host are to be forwarded to the local side.
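Added example, not part of the original posts: a small parser for the forward specifications used above (-L 80:remotehost:80 and -R 22222:localhost:22) that reports where the listening socket is opened, which address it binds to and whether the port needs root. The function name describe_forward is made up for this example, and only the [bind_address:]port:host:hostport form with host names or IPv4 addresses is handled.

```shell
#!/bin/sh
# usage: describe_forward L|R SPEC
# prints: side=<listener> bind=<address> port=<n> root=<yes|no> -> <target>
describe_forward() {
    kind=$1 spec=$2
    # Split on ":" to see whether a bind address is present.
    old_ifs=$IFS; IFS=:
    set -f; set -- $spec; set +f      # no globbing, so "*" stays literal
    IFS=$old_ifs
    case $# in
        3) bind=default port=$1 host=$2 hostport=$3 ;;
        4) bind=${1:-*} port=$2 host=$3 hostport=$4 ;;  # empty bind means "*"
        *) echo "unsupported spec: $spec" >&2; return 2 ;;
    esac
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;; esac

    # -L listens on the client, -R listens on the SSH server.
    case $kind in
        L) side=client ;;
        R) side=server ;;
        *) echo "kind must be L or R" >&2; return 2 ;;
    esac
    # Without a bind address the listener is loopback-only unless GatewayPorts
    # is enabled (ssh_config for -L, sshd_config for -R). An explicit bind
    # address on -R is honoured only if the server's GatewayPorts allows it.
    [ "$bind" = default ] && bind=loopback
    # Ports below 1024 are privileged: forwarding them needs root on the
    # side that listens.
    if [ "$port" -lt 1024 ]; then root=yes; else root=no; fi
    echo "side=$side bind=$bind port=$port root=$root -> $host:$hostport"
}

# The two forwards from this page, plus an unprivileged local variant.
describe_forward L 80:remotehost:80
describe_forward R 22222:localhost:22
describe_forward L 127.0.0.1:8080:remotehost:80
```

The first line of output shows root=yes: ssh -L 80:remotehost:80 has to run as root on the local machine, while a local port such as 8080 does not, and the site is then reached at http://localhost:8080.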